Kamis, 20 Agustus 2020

TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures


If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





More info


  1. Hack Website Online Tool
  2. Hack Tools For Games
  3. Hacker Tools Hardware
  4. Hacker Techniques Tools And Incident Handling
  5. Hacker Hardware Tools
  6. How To Make Hacking Tools
  7. Underground Hacker Sites
  8. Hacker Tools
  9. Hacker Tools Software
  10. Hacking Tools Online
  11. Pentest Tools Find Subdomains
  12. Install Pentest Tools Ubuntu
  13. Hacking Tools Online
  14. Hack Tool Apk No Root
  15. Hacking App
  16. Pentest Tools Alternative
  17. What Is Hacking Tools
  18. Ethical Hacker Tools
  19. Hacking App
  20. Underground Hacker Sites
  21. Hacker Tools 2020
  22. Bluetooth Hacking Tools Kali
  23. Pentest Tools Apk
  24. Android Hack Tools Github
  25. Black Hat Hacker Tools
  26. Hacking Tools For Mac
  27. Hacker Tools 2020
  28. Nsa Hacker Tools
  29. Hacking Tools For Pc
  30. Hacking Apps
  31. Hack Tools Pc
  32. Pentest Tools Github
  33. Hacker Security Tools
  34. Hack Tools For Ubuntu
  35. Nsa Hacker Tools
  36. Hackers Toolbox
  37. Pentest Tools Open Source
  38. Hacker Tools For Windows
  39. Pentest Tools Kali Linux
  40. Hack Tools Online
  41. Hacker Tools Github
  42. Pentest Tools Tcp Port Scanner
  43. How To Make Hacking Tools
  44. Hack Tools
  45. Hacking Tools For Beginners
  46. Github Hacking Tools
  47. Hacking Tools Windows 10
  48. Pentest Tools For Mac
  49. Hacking Tools Free Download
  50. What Is Hacking Tools
  51. Hacker Tools Apk
  52. Kik Hack Tools
  53. Hack Tools For Pc
  54. Beginner Hacker Tools
  55. Hacking Tools Github
  56. Hack Tools 2019
  57. Pentest Tools Open Source
  58. Pentest Automation Tools
  59. Hack Tools
  60. Hacking Tools Mac
  61. Hack Tools
  62. Hacker Tools Hardware
  63. Pentest Tools Url Fuzzer
  64. Hacking Tools For Windows
  65. Tools For Hacker
  66. Hacker Tools Linux
  67. Hacking Tools Software
  68. Hack Tools
  69. Pentest Tools Bluekeep
  70. Tools Used For Hacking
  71. Hacking Tools For Pc
  72. Pentest Tools Url Fuzzer
  73. Hacker Tools Github
  74. Hacker Tools Software
  75. Hacking Tools Mac
  76. Hacking Tools Github
  77. Hacking Tools For Windows
  78. Hacking Tools For Beginners
  79. How To Install Pentest Tools In Ubuntu
  80. Hacking Tools Kit
  81. Pentest Tools Apk
  82. Wifi Hacker Tools For Windows
  83. Wifi Hacker Tools For Windows
  84. Pentest Tools Kali Linux
  85. Pentest Reporting Tools
  86. Hacking Tools For Windows
  87. Hack Tools Github
  88. Hack Tool Apk
  89. Hacker
  90. Pentest Tools Windows
  91. Hacker Tools Linux
  92. Hacker Tool Kit
  93. Pentest Tools For Windows
  94. Wifi Hacker Tools For Windows
  95. Hacker Security Tools
  96. Hacker Tools Online
  97. Hacking Tools Github
  98. Pentest Tools Nmap
  99. Hack Tools For Pc
  100. Hacks And Tools
  101. Pentest Tools Subdomain
  102. Hacking Tools Free Download
  103. Hacker Search Tools
  104. Hack Tools Mac
  105. Pentest Tools Nmap
  106. Hacker
  107. Hackrf Tools
  108. Hack Tool Apk No Root
  109. Pentest Tools Download
  110. Best Hacking Tools 2019
  111. Pentest Tools Find Subdomains
  112. Hack Website Online Tool
  113. Hack Tools 2019
  114. Install Pentest Tools Ubuntu
  115. Hacker Tools 2020
  116. Bluetooth Hacking Tools Kali
  117. Pentest Tools Apk
  118. How To Hack
  119. Hack Tools 2019
  120. Hack Apps
  121. Hacking Tools For Games
  122. Black Hat Hacker Tools
  123. Nsa Hack Tools Download
  124. Pentest Tools Bluekeep
  125. What Is Hacking Tools
  126. Pentest Tools Online
  127. Nsa Hacker Tools
  128. Nsa Hacker Tools
  129. Hacking App
  130. Nsa Hack Tools Download
  131. Hacking Tools For Games
  132. Hacking Tools 2020
  133. Hack Tools
  134. Hacking Tools For Windows Free Download
  135. Hacker Tools Hardware
  136. Hack Tools For Games
  137. Hack Tools
  138. Hacker Tools Software
  139. Beginner Hacker Tools
  140. Hacker Tools Free Download
  141. How To Make Hacking Tools
  142. Best Hacking Tools 2019
  143. Hacking Tools Windows 10
  144. Pentest Tools For Windows
  145. Hacker Tools Linux
  146. Bluetooth Hacking Tools Kali
  147. Hacking Tools Windows
  148. Hacking App
  149. Hacking Tools
  150. Hacker Security Tools
  151. Hacking Tools Pc
  152. Hacker Tools Linux
  153. Hacking Tools And Software
  154. Game Hacking
  155. Hacker Tools For Windows
  156. Pentest Tools Url Fuzzer
  157. Physical Pentest Tools
  158. How To Make Hacking Tools
  159. Hack Tools Github
  160. Hacker Tools Free Download
  161. Hacker Tools Apk
  162. Kik Hack Tools
  163. Hacker Tools Online
  164. Hacking Tools For Mac
  165. Kik Hack Tools
  166. Hacker Tools Mac
  167. Hacking Tools For Windows
  168. Game Hacking
  169. Hack Tools Online
  170. Pentest Tools Windows
  171. Hacker Tools 2019
  172. Hacking Tools 2019

Tidak ada komentar: